Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

hijacker that diverts my homepage


  • Please log in to reply

#1
MSH69

MSH69

    New Member

  • Member
  • Pip
  • 1 posts
My homepage has been changed to hijacker website. I cannot get it removed from my system. Please help


I have used pest patrol to detect why my homepage is diverted to www.wow.access.com/serach/main.html.
Also when it hides behind "www.microsoet.com/start/php?url=" it diverts yahoo.com & google.com by using this address.
It says the program lies in the file: C:\windows\stsheets.dat , however, this does not show up in windows explorer.

Here are the findings of pest patrol:
Catagory: Hijacker
Author: coolwebsearch.com
Release date: 1/25/05
In FILE: C:\windows\stsheets.dat
PVT: -1323859766
MD5: 482aee62ac99e5064e074670a97f5741

I have ran "NoAdware" it does not detect it at all.

The following is my "Hijack This" log:

Logfile of HijackThis v1.99.1
Scan saved at 8:51:46 PM, on 5/3/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\SpamBlockerUtility\Bin\4.6.1.0\SbOEAddOn.exe
C:\windows\system32\winpipe.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\secmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.wow-acces...earch/main.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wow-acces...earch/main.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wow-acces...earch/main.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.wow-acces...earch/main.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.wow-acces...earch/main.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rl.webtracer.cc/-/?bayzm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.wow-acces...earch/main.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.wow-acces...earch/main.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.wow-acces...earch/main.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.wow-acces...earch/main.html
O1 - Hosts: 1159680172 auto.search.msn.com
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [SpamBlocker] C:\Program Files\SpamBlockerUtility\Bin\4.6.1.0\SbOEAddOn.exe
O4 - HKLM\..\Run: [winpipe] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\secmon.exe
O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /1
O4 - HKCU\..\Run: [NoAdware] "C:\Program Files\NoAdware3\NoAdware.exe" /s
O4 - HKCU\..\RunOnce: [washindex] C:\Program Files\Washer\washidx.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: secmon.exe
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\1.0.4.0\ShprRprt.dll (file missing)
O9 - Extra button: ShopperReports - Compare product prices - {E77EDA01-3C56-4a96-8D08-02B42891C169} - C:\Program Files\ShopperReports\Bin\1.0.4.0\ShprRprt.dll (file missing)
O13 - DefaultPrefix: http://www.microsoet.../start.php?url=
O13 - WWW Prefix: http://www.microsoet.../start.php?url=
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Any assistance will be greatly appreciated in eradicating this hijacker!!!
Thank-you!
  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP